NSA suggested decreasing DES's key size. IBM ultimately agreed to use effectively 56-bit* keys. This by definition makes brute force attacks easier. It was apparently criticized at the time, but it's worth noting that there's nothing secretive about it -- it's a basic and obvious element of the algorithm.
The public cryptographic community started brute-forcing DES keys for fun in the '90s; with the NSA's budget, they could have been doing it from the beginning.
* DES keys are 64 bits, but 8 bits are for parity, so the meaningful key length is 56 bits.
The public cryptographic community started brute-forcing DES keys for fun in the '90s; with the NSA's budget, they could have been doing it from the beginning.
* DES keys are 64 bits, but 8 bits are for parity, so the meaningful key length is 56 bits.